Google OAuth conditional scope, requestPermissions

Hi Team,
My use case is to allow users to login with google. And later, provide them options to opt for linking to Google calendar.

i.e by default I need only email/profile scope during login. And, when the user clicks the button inside the app ( like Update events to my Google calendar ), I want to get the permissions for accessing

One option I figured out is to call LoginWithGoogle the second time with the requestPermissions.
My questions are,

  1. Is this the correct way?
  2. If so, how do I prompt the user to provide permission ( without further button click) if user is denied or revoked this access later point? i.e when getting 403 - insufficientPermissions error.
  3. What are the exceptions that I need to take care of?

Your help is highly appreciated.